Add Firebox Cloud to WatchGuard Cloud (Cloud-Managed)
Applies To: Cloud-managed Fireboxes
The Firebox Cloud Bring Your Own License (BYOL) also includes a license for WatchGuard Cloud. After you activate a Firebox Cloud BYOL license, you can add the Firebox Cloud instance to your WatchGuard Cloud account.
Firebox Cloud is available for Amazon Web Services (AWS) and Microsoft Azure cloud computing platforms.
To manage Firebox Cloud from WatchGuard Cloud, you must add Firebox Cloud as a cloud-managed device and then upload a payload to your Firebox Cloud instance.
Because Firebox Cloud is optimized to protect servers in a virtual private cloud, some setup requirements, configuration options, and available features are different from other Firebox models. For more information, go to Firebox Cloud Feature Differences.
Before You Begin
Before you add a Firebox Cloud instance to WatchGuard Cloud, make sure that:
- You have purchased a Firebox Cloud BYOL license.
- You have deployed the AWS or Azure instance.
- You have your Instance ID, also known as the VM ID. You need this to activate your license, and to log in to Fireware Web UI to run the Firebox Cloud Setup Wizard.
- You have activated the Firebox Cloud instance in your WatchGuard account.
- The Firebox Cloud instance is allocated to a Subscriber account (Service Providers only). For more information, go to Allocate Fireboxes.
Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Devices permissions to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.
To add a Firebox Cloud instance as cloud-managed, it must meet these requirements:
For a Firebox Cloud instance to successfully connect to WatchGuard Cloud as cloud-managed, it must run Fireware v12.7.1 or higher.
The version of Fireware originally manufactured on the device appears in the Device Information section of the Product Details page on the WatchGuard website.
If your Firebox uses a lower version of Fireware, you must first set up the Firebox as a locally-managed device and upgrade it to Fireware v12.7.1 or higher before you can add it as a cloud-managed device. For information about Fireware upgrade methods, go to Firebox Upgrade, Downgrade, and Migration.
If you previously configured the Firebox Cloud instance as locally-managed, you must reset it to factory-default settings before it can connect to WatchGuard Cloud as a cloud-managed device. For the steps to reset your Firebox Cloud instance, go to Changes that Require a Firebox Cloud Reboot.
Add a Firebox Cloud Device to WatchGuard Cloud
When you add a Firebox Cloud instance to WatchGuard Cloud as a cloud-managed device, you configure the device name, time zone, and device passwords. Network settings are configured by AWS or Microsoft Azure.
To add Firebox Cloud to WatchGuard Cloud as a cloud-managed device:
- Log in to your WatchGuard Cloud account.
- For Service Provider accounts, from Account Manager, select My Account.
- Select Manage > Devices or Configure > Devices.
- Click Add Device.
A list of activated Fireboxes opens.
- Click the Name of the Firebox you want to add or click .
A confirmation dialog box opens.
- Click Add Device.
The Add Device to WatchGuard Cloud page opens.
- Select Cloud Management.
- Click Next.
- Configure Firebox system settings:
  - Name — The name to identify the Firebox in WatchGuard Cloud.
  - Time Zone — The time zone of the location where the Firebox is installed.
  - Device Folder — Select the folder that you want to add your device to. Device Folders help you to view status and summarized data for groups of devices.
    If you only have one root folder, the folder list does not appear.
- Click Next.
- Set Firebox device passwords for connections to Fireware Web UI on the Firebox. Device passwords must be 8-32 characters long, and must contain uppercase and lowercase letters, at least one number, and at least one symbol.
The admin password you specify here is used to encrypt the payload. You must use the same admin password when you upload the payload in the Firebox Cloud Web Setup Wizard.
Caution: To keep your device secure, make sure you do not use the default passphrases for the admin account (readwrite) and status account (readonly). We recommend you specify unique passphrases for each Firebox you manage and change them frequently.
For a cloud-managed Firebox, you can use Fireware Web UI to recover the Firebox connection to WatchGuard Cloud. You cannot use Fireware Web UI to modify the Firebox configuration.
- Click Next.
- Click Download Payload.
A dialog box opens for you to save the payload file to your default download folder in your browser. The package has a TGZ extension. For example, package_FVE1028C0754.
Record the location where you saved the payload file. In the next section, you will upload the payload in the Fireware Web UI to connect your Firebox Cloud instance to WatchGuard Cloud.
Your device is now added to WatchGuard Cloud, but not yet connected. You must now upload the payload to your Firebox Cloud instance in the Fireware Web UI.
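The device password rules in the procedure above (8-32 characters, uppercase and lowercase letters, a number, a symbol, no default passphrases, unique per Firebox) can be checked before you type a password into the wizard. This is an added example, not WatchGuard code; the function names are hypothetical, and it assumes "symbol" means ASCII punctuation because the page does not list the accepted set.

```python
import secrets
import string

# Assumption: "symbol" means ASCII punctuation; the page does not list the set.
SYMBOLS = string.punctuation
DEFAULTS = {"readwrite", "readonly"}  # default passphrases named on the page
MIN_LEN, MAX_LEN = 8, 32

def policy_violations(password, already_used=()):
    """Return the reasons a device password breaks the rules (empty list = OK)."""
    checks = [
        (MIN_LEN <= len(password) <= MAX_LEN, "length must be 8-32 characters"),
        (any(c in string.ascii_uppercase for c in password), "no uppercase letter"),
        (any(c in string.ascii_lowercase for c in password), "no lowercase letter"),
        (any(c in string.digits for c in password), "no number"),
        (any(c in SYMBOLS for c in password), "no symbol"),
        (password not in DEFAULTS, "default passphrase"),
        (password not in already_used, "already used on another Firebox"),
    ]
    return [reason for ok, reason in checks if not ok]

def generate_password(length=24, already_used=()):
    """Draw random candidates from the OS CSPRNG until one satisfies the policy."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be 8-32 characters")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate, already_used):
            return candidate

def device_passwords(already_used):
    """Return distinct (admin, status) passwords and record them as used."""
    admin = generate_password(already_used=already_used)
    already_used.add(admin)
    status = generate_password(already_used=already_used)
    already_used.add(status)
    return admin, status

if __name__ == "__main__":
    used = set()  # in practice, load this from your password manager
    for candidate in ("readwrite", "Firebox2024", "Abcdef1!"):  # constructed samples
        print(candidate, policy_violations(candidate, used) or "OK")
    admin, status = device_passwords(used)
    print("generated distinct admin/status passwords:", admin != status)
```

Keep the generated admin password available until the payload upload, because the same password decrypts the payload in the Web Setup Wizard.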
Upload the Payload and Connect the Firebox
Before you can manage Firebox Cloud in WatchGuard Cloud, you must upload the payload you downloaded from WatchGuard Cloud.
The payload includes:
- Verification code
- Admin and status passwords
- Initial configuration
- Feature key
To upload the payload and connect your Firebox Cloud instance to WatchGuard Cloud:
- Open a web browser and go to https://<eth0_public_IP>:8080.
- Log in with the default administrator account user name and password:
  - Username — admin
  - Password — the Firebox Cloud Instance ID
- Select Enable cloud management.
- Click Next.
- Accept the terms of the License Agreement.
- Click Next.
- Upload the payload.
  - Type the admin password you created in the Add Device Wizard in WatchGuard Cloud. This password is used to decrypt the payload.
  - Click Browse, navigate to the location where you saved the payload, and select the payload file.
- Click Next.
The payload file uploads and applies changes to the Firebox. When the process finishes, you see a message.
Verify the Firebox Cloud Status
After you upload the payload and connect Firebox Cloud in the Fireware Web UI, log in to WatchGuard Cloud to verify the connection status and other summary information on the Device Settings page and the Deployment History page.
Because AWS or Azure controls the networking information for Firebox Cloud, the Networking and Live Status Monitoring sections in WatchGuard Cloud do not show the same level of detail as physical Fireboxes or FireboxV.
For more information, go to:
Recover the Firebox Connection to WatchGuard Cloud
Add a Cloud-Managed Firebox to WatchGuard Cloud